{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-14813", "assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630", "state": "PUBLISHED", "assignerShortName": "bcorg", "dateReserved": "2025-12-17T00:17:44.229Z", "datePublished": "2026-04-15T08:56:34.057Z", "dateUpdated": "2026-06-30T12:07:23.569Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "91579145-5d7b-4cc5-b925-a0262ff19630", "shortName": "bcorg", "dateUpdated": "2026-05-18T23:15:49.105Z" }, "title": "GOSTCTR implementation unable to process more than 255 blocks correctly", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "type": "CWE" } ] } ], "affected": [ { "vendor": "Legion of the Bouncy Castle Inc.", "product": "BC-JAVA", "platforms": [ "all" ], "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java/", "packageName": "bcprov", "repo": "https://github.com/bcgit/bc-java", "modules": [ "core" ], "programFiles": [ "G3413CTRBlockCipher" ], "versions": [ { "status": "affected", "version": "1.59", "lessThan": "1.80.2", "versionType": "maven" }, { "status": "affected", "version": "1.81", "lessThan": "1.81.1", "versionType": "maven" }, { "status": "affected", "version": "1.82", "lessThan": "1.84", "versionType": "maven" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": ": Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules).\n\n This vulnerability is associated with program files G3413CTRBlockCipher.\n\n\n\nThis issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": ": Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules).
This vulnerability is associated with program files G3413CTRBlockCipher.
This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
" } ] } ], "references": [ { "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813", "tags": [ "vendor-advisory" ] }, { "url": "https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f", "tags": [ "patch" ] }, { "url": "https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3", "tags": [ "patch" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/RE:M/U:Red" } } ], "credits": [ { "lang": "en", "value": "XlabAI Team of Tencent Xuanwu Lab", "type": "finder" }, { "lang": "en", "value": "Atuin Automated Vulnerability Discovery Engine", "type": "finder" }, { "lang": "en", "value": "Lili Tang, Guannan Wang, and Guancheng Li", "type": "finder" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 1.0.1" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-04-15T13:19:43.094033Z", "id": "CVE-2025-14813", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:19:49.520Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ], "defaultStatus": "affected", "product": "Red Hat JBoss EAP 8.1 for RHEL 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ], "defaultStatus": "affected", "product": "Red Hat JBoss EAP 8.1 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_broker:7.12" ], "defaultStatus": "affected", "product": "Red Hat AMQ Broker 7.12.7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_broker:7.13" ], "defaultStatus": "affected", "product": "Red Hat AMQ Broker 7.13.5", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:apache_camel_quarkus:3.27" ], "defaultStatus": "affected", "product": "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ], "defaultStatus": "affected", "product": "Red Hat JBoss Enterprise Application Platform 8.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai:2.25::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI 2.25", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3.28::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces 3.28", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.18" ], "defaultStatus": "affected", "product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quarkus:3.20::el8" ], "defaultStatus": "affected", "product": "Red Hat build of Quarkus 3.20.6.SP1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quarkus:3.27::el8" ], "defaultStatus": "affected", "product": "Red Hat build of Quarkus 3.27.3.SP1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_clients:2023" ], "defaultStatus": "affected", "product": "Red Hat AMQ Clients", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "affected", "product": "Red Hat build of Apache Camel 4 for Quarkus 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:apicurio_registry:3" ], "defaultStatus": "affected", "product": "Red Hat build of Apicurio Registry 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:debezium:3" ], "defaultStatus": "affected", "product": "Red Hat build of Debezium 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "affected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "affected", "product": "streams for Apache Kafka 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "unaffected", "product": "Cryostat 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:3" ], "defaultStatus": "unaffected", "product": "streams for Apache Kafka 3", "vendor": "Red Hat" } ], "datePublic": "2026-04-15T08:56:34.057Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-14813" }, { "name": "RHBZ#2458640", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458640" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14813.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:18054" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:18055" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:14276" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:14272" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:13631" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:18059" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24977" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:21772" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:17668" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:11720" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:11721" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:18054: Red Hat JBoss EAP 8.1 for RHEL 8" }, { "lang": "en", "value": "RHSA-2026:18055: Red Hat JBoss EAP 8.1 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:14276: Red Hat AMQ Broker 7.12.7" }, { "lang": "en", "value": "RHSA-2026:14272: Red Hat AMQ Broker 7.13.5" }, { "lang": "en", "value": "RHSA-2026:13631: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27" }, { "lang": "en", "value": "RHSA-2026:18059: Red Hat JBoss Enterprise Application Platform 8.1" }, { "lang": "en", "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25" }, { "lang": "en", "value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28" }, { "lang": "en", "value": "RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14" }, { "lang": "en", "value": "RHSA-2026:11720: Red Hat build of Quarkus 3.20.6.SP1" }, { "lang": "en", "value": "RHSA-2026:11721: Red Hat build of Quarkus 3.27.3.SP1" } ], "timeline": [ { "lang": "en", "time": "2026-04-15T10:01:27.769Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-04-15T08:56:34.057Z", "value": "Made public." } ], "title": "bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly", "workarounds": [ { "lang": "en", "value": "To mitigate this vulnerability, strictly limit the payload encrypted under a single key and Initialization Vector (IV) pair using the GOSTCTR implementation and G3413CTRBlockCipher to a maximum of 255 blocks. Alternatively, transition to a more secure, standardized and authenticated encryption mode." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:07:23.569Z" } } ] } }